The official expressed concern that sensitive information — notably command data for European satellites — is unencrypted, because many were launched years ago without advanced onboard computers or encryption capabilities.
According to the article the satellites that were shadowed were:
I’m a software engineer in space and the things I’ve heard are astounding. Basically space software as a sector is super backwards and operated under a “We’re too far away to be hacked” mentality for way too long.
Thankfully, that is changing, and the EU Space Act mandates cybersec in some cases
What I observe is not so much a “we’re too far away to be hacked” mentality, but rather a lackluster approach to software:
“Software is just the cream on top that enables the real power of the hardware. So let’s have our hardware engineers do the software as a side exercise. Surely it can’t be that hard.”
Then you get hardware engineers, most of whom are fucking stupid in terms of SW development, writing flight software.
My understanding is that in space systems, generally robustness trumps everything else, so old stable versions of everything are preferred. So it’s generally a very conservative software stack and process.
So it’s generally a very conservative software stack and process.
Yes, but that sort of process promotes non-adoption of techniques and processes that could increase robustness but are shunned due to pessimistic conservativeness
There was something of a to-do a couple years ago when some researchers were trying to see how strong encryption satellites were using and whether they could break it and discovered that a number of of satellite operators weren’t bothering to encrypt things at all.
A new study from the University of California San Diego (UCSD) and the University of Maryland has performed the most comprehensive public exploration into geostationary (GEO) satellite security yet, logging large amounts of unencrypted data being broadcast across 411 transponders on 39 GEO satellites, which were intercepted with a simple commercial-off-the-shelf satellite dish costing a few hundred dollars.
According to the article the satellites that were shadowed were:
That wasn’t that long ago relative to encryption being done on computers.
I’m a software engineer in space and the things I’ve heard are astounding. Basically space software as a sector is super backwards and operated under a “We’re too far away to be hacked” mentality for way too long. Thankfully, that is changing, and the EU Space Act mandates cybersec in some cases
What’s it like typing in zero-G? Does the keyboard float away from you?
No, we tape it to the table, duh. But it’s annoying when the tape covers the spacebar!
How quickly could a radio wave get to space? Three minutes? Nah, it’s fine. /s
What I observe is not so much a “we’re too far away to be hacked” mentality, but rather a lackluster approach to software: “Software is just the cream on top that enables the real power of the hardware. So let’s have our hardware engineers do the software as a side exercise. Surely it can’t be that hard.” Then you get hardware engineers, most of whom are fucking stupid in terms of SW development, writing flight software.
Ah yes, assuming experience in your field basically translates to every other field. A tale as old as time.
My understanding is that in space systems, generally robustness trumps everything else, so old stable versions of everything are preferred. So it’s generally a very conservative software stack and process.
Theoretically
Yes, but that sort of process promotes non-adoption of techniques and processes that could increase robustness but are shunned due to pessimistic conservativeness
Oh yes absolutely. I was not trying to justify the design choices, just trying to explain their internal rationale.
Yeah a fair bit of that too!
Yeah, wtf is going on. GPG was released in 1999 and encryption existed before that too. https://www.ssldragon.com/blog/history-of-ssl-tls-versions/
How is this unencrypted
There was something of a to-do a couple years ago when some researchers were trying to see how strong encryption satellites were using and whether they could break it and discovered that a number of of satellite operators weren’t bothering to encrypt things at all.
EDIT:
This might be more recent than that:
https://www.kratosspace.com/constellations/articles/the-state-of-satellite-encryption
Wow. Amazing. I basically encrypt everything by default because I’m so paranoid. Sometimes multiple layers of encryption